xml-dev - Re: [xml-dev] ANN: Building Web Services the REST Way

Re: [xml-dev] ANN: Building Web Services the REST Way

[ Lists Home | Date Index | Thread Index ]

To: Miles Sabin <miles@milessabin.com>
Subject: Re: [xml-dev] ANN: Building Web Services the REST Way
From: Rich Salz <rsalz@datapower.com>
Date: Wed, 03 Jul 2002 20:55:54 -0400
Cc: xml-dev@lists.xml.org
References: <3D22F197.40ADB79E@mitre.org> <3D231767.8070003@datapower.com> <3D237229.1EB4C33A@prescod.net> <200207032314.43400.miles@milessabin.com>
User-agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0rc1) Gecko/20020417

 >>>Imagine requesting medical
>>>records; because of my "only endpoints" requirement -- imposed by
>>>us HIPPA regulations -- SSL will not suffice.)
>>
>>Could you describe how SSL fails to satisfy?
> 
> Perhaps the HTTPS server isn't the endpoint in the sense relevant to the 
> security constraint ... but it will see the cleartext URI.

Yes.  In addition, SSL works by having two parties share a common key. 
That makes digital signature and non-repudiable disclosure impossible: 
each party could claim the other signed or exposed the data.  Public-key 
crypto does not have those attributes.
	/r$

Follow-Ups:
- Re: [xml-dev] ANN: Building Web Services the REST Way
  - From: Paul Prescod <paul@prescod.net>

References:
- ANN: Building Web Services the REST Way
  - From: "Roger L. Costello" <costello@mitre.org>
- Re: [xml-dev] ANN: Building Web Services the REST Way
  - From: Rich Salz <rsalz@datapower.com>
- Re: [xml-dev] ANN: Building Web Services the REST Way
  - From: Paul Prescod <paul@prescod.net>
- Re: [xml-dev] ANN: Building Web Services the REST Way
  - From: Miles Sabin <miles@milessabin.com>

Prev by Date: Re: [xml-dev] ANN: Building Web Services the REST Way
Next by Date: Re: [xml-dev] ANN: Building Web Services the REST Way
Previous by thread: Re: [xml-dev] ANN: Building Web Services the REST Way
Next by thread: Re: [xml-dev] ANN: Building Web Services the REST Way
Index(es):
- Date
- Thread